Version 5.5
DSpace 5.5 can be downloaded immediately from: More information on the 5.5 release (and the 5.x platform in general) can be found in the 5.x Release Notes Upgrade instructions can be found at Upgrading DSpace. |
DSpace 5.5 contains security fixes for both the XMLUI and JSPUI. To ensure your 5.x site is secure, we highly recommend ALL DSpace 5.x users upgrade to DSpace 5.5. |
Summary
DSpace 5.5 is a security & bug fix release to resolve several issues located in previous 5.x releases. As it only provides only bug/security fixes, DSpace 5.5 should constitute an easy upgrade from DSpace 5.x for most users. No database changes or additional configuration changes should be necessary when upgrading from DSpace 5.x to 5.5.
Major bug fixes include:
- XMLUI security fixes:
- [HIGH SEVERITY] The XMLUI "themes/" path is vulnerable to a full directory traversal. (DS-3094 - requires a JIRA account to access.) This means that ANY files on your system which are readable to the Tomcat user account may be publicly accessed via your DSpace website.
- Reported by Virginia Tech
- JSPUI security fixes:
- [MEDIUM SEVERITY] The JSPUI "Edit News" feature (accessible to Administrators) can be used to view/edit ANY files which are readable to the Tomcat user account (DS-3063 - requires a JIRA account to access.)
- REST fixes
- Fixed the "/handle" endpoint (DS-2936)
- REST webapp wasn't registering itself on startup (DS-2946)
- OAI fixes
- Fixed a few incorrect URL encoding issue (DS-3050)
- Fixed the broken "NOT" filter (DS-2820)
- Configuration Fixes
- Fixed misspelling in dcterms registry (conformsTo) (DS-2998)
- Updated our default DataCite configurations to point at the updated DataCite test server (DS-2923)
- Other minor fixes
- Broken SQL query in Item.findByMetadataFieldAuthority API method (DS-2517)
- Mirage2: Ensured printing the item page from doesn't include bitstream URLs (DS-2893)
In addition, this release fixes a variety of minor bugs in the 5.x releases. For more information, see the Changes section below.
Upgrade Instructions
- For upgrade instructions from ANY PRIOR VERSION to 5.5, please see Upgrading DSpace
- When upgrading from any 5.x version, if you're reusing your 5.x configuration, make sure to change all instances of Filter attribute "red" to "ref" (e.g. <Filter red="exampleFilter" /> to <Filter ref="exampleFilter" />) in [dspace]/config/crosswalks/oai/oai.xml. "red" was a temporary workaround for a bug (xoai issue #32), which was fixed in DSpace 5.4.
No new features in DSpace 5.5
5.5 is a bug-fix release. This means it includes no new features and only includes the above listed fixes. For a list of all new 5.x Features, please visit the 5.x Release Notes. |
Changes
The following bug fixes were released in 5.5.
Organizational Details
Release Coordination
- Release Coordinator: Committers Team (shared coordination)
Timeline and Proceeding
Release Timeline:
- Release Date: March 21, 2016